Repository: wicket Updated Branches: refs/heads/master dbfe3461e -> 5e1ced34e
WICKET-6242 Weak concurrency management in AuthenticatedWebSession#signedIn Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/4fdc8175 Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/4fdc8175 Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/4fdc8175 Branch: refs/heads/master Commit: 4fdc8175cab0d842c7aeeb52366338ceaac250d9 Parents: dbfe346 Author: Martin Tzvetanov Grigorov <mgrigo...@apache.org> Authored: Sat Sep 10 13:12:28 2016 +0200 Committer: Martin Tzvetanov Grigorov <mgrigo...@apache.org> Committed: Mon Sep 19 21:38:11 2016 +0200 ---------------------------------------------------------------------- .../authentication/AuthenticatedWebSession.java | 23 ++++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/4fdc8175/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java ---------------------------------------------------------------------- diff --git a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java index a5df531..744811b 100644 --- a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java +++ b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java @@ -16,10 +16,11 @@ */ package org.apache.wicket.authroles.authentication; +import java.util.concurrent.atomic.AtomicBoolean; + import org.apache.wicket.Session; import org.apache.wicket.request.Request; - /** * Basic authenticated web session. Subclasses must provide a method that authenticates the session * based on a username and password, and a method implementation that gets the Roles @@ -39,7 +40,7 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe } /** True when the user is signed in */ - private volatile boolean signedIn; + private final AtomicBoolean signedIn = new AtomicBoolean(false); /** * Construct. @@ -62,12 +63,16 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe */ public final boolean signIn(final String username, final String password) { - signedIn = authenticate(username, password); - if (signedIn) + if (signedIn.compareAndSet(false, true)) { - bind(); + boolean authenticated = authenticate(username, password); + if (authenticated) + { + bind(); + } + signedIn.set(authenticated); } - return signedIn; + return signedIn.get(); } /** @@ -96,7 +101,7 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe */ protected final void signIn(boolean value) { - signedIn = value; + signedIn.set(value); } /** @@ -105,7 +110,7 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe @Override public final boolean isSignedIn() { - return signedIn; + return signedIn.get(); } /** @@ -124,7 +129,7 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe @Override public void invalidate() { - signedIn = false; + signedIn.set(false); super.invalidate(); } }